Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unit 2: Cyber Security Part 3 Monitoring Tools & other Security Products.

Published byStephen Young Modified over 8 years ago

Similar presentations

Presentation on theme: "Unit 2: Cyber Security Part 3 Monitoring Tools & other Security Products."— Presentation transcript:

1 Unit 2: Cyber Security Part 3 Monitoring Tools & other Security Products

2 Network Administrator’s Tools and Utilities Network administrators use a wide variety of software ________ to monitor, diagnose and control the network around them. There are certain basic administrative, troubleshooting and monitoring tools and utilities that every cyber security specialist should have in their toolbox. Monitoring Tools Are needed to secure a network!!!! These tools can be used to ensure that servers (or even specific services on those servers) are up and running or they can be used to simply monitor data flow. Typically, server or service monitoring products will send requests to that service and measure the response (Example: HTTP request to a web server)

3 Packet Analyzers A packet analyzer is typically inserted into the network so that network traffic flows through it allowing packets to be captured in real time. As the network traffic passed through the analyzer, it “________” the packets looking for ___________ activity or just logs what’s going on. Packet and protocol analyzers require two network interfaces so they can examine the network activity as it flows through them.

4 Nagios and Icinga Monitoring Tools Nagios - is a __________________ tool used to monitor critical IT infrastructure components, including system metrics, network protocols, applications, services, servers and networks. It is probably the most well known network monitoring tool that still has a free version but has grown to offer a full-featured commercial enterprise version as well. Icinga - is a monitoring tool that checks the ____________ of your resources, notifies users of outages and provides extensive Business Intelligence (BI) data, It is an interesting open source alternative that is more full-featured than the free version of Nagios. Both products have plenty of monitoring, reporting and notification options that are best suited to uptime monitoring but can monitor performance as well.

5 Solar Winds and Microsoft Network Monitor Monitoring Tools SolarWinds offers an incredibly powerful commercial network performance ___________ product. While this product is somewhat expensive it is immensely powerful and can monitor uptime, performance, traffic flow, utilization and offer a plethora of reporting, graphing and notification options. Microsoft Network Monitor is a packet analyzer that can help you view your traffic flows and troubleshoot network problems. As you might expect this product does a wonderful job interacting with proprietary Microsoft protocols but most common public protocols are supported as well.

6 Wireshark Wireshark ( wireshark.org ) is a mature open-source and cross-platform network protocol ________________. It is probably the most well known protocol analyzer and it supports just about every protocol and runs on nearly any platform. Wireshark is a valuable tool for capturing and subsequently analyzing traffic to discover as well as troubleshoot network issues. It can be used to learn more about the protocols used on a given network. This tool is easy to employ but requires experience and practice to accurately analyze the results it produces. However, every network admin should have this product in their arsenal.

7 Wireshark

8 Snort Monitoring Tool Snort ( snort.org ) an open source, cross-platform intrusion ________________ system that provides real-time traffic analysis, packet logging, and protocol analysis, active detection for worms, port scans and vulnerability exploit attempts. It is useful in monitoring the network in real time. It is well suited to identifying probes and attacks but can act as a network sniffer as well. Snort is an excellent product for networks that feature public services.

9 Snort Network Monitoring Tool

10 Nmap Network Monitoring Tool Nmap ( nmap.org ) is a security __________ used to discover hosts and services on a computer network thus creating a “map” of the network. It is an open source and cross-platform network mapper utility for discovery and security auditing performing network inventory, as well as monitoring and upgrade scheduling. It is an excellent product for examining and profiling your network as well as discovering ports and versions.

11 Nikto Network Monitoring Tool Nikto ( cirt.net/nikto2 ) is an open-source web server __________ that can identify issues on a web server. Nikto - is an open web server scan which performs comprehensive tests against against multiple items including 6,400 potentially dangerous files/CGI checks for outdated version of over 1200 servers and version specific problems for over 270 servers. https://www.google.com/search?q=Nikto&safe=active&rls=com.microsoft:en-US:IE- Address&source=lnms&tbm=isch&sa=X&ved=0CAcQ_AUoAWoVChMIl_TvwdujyAIVRDU- Ch0_oQlK&biw=1366&bih=652#imgrc=-ueJXmVFIeE2HM%3A economic

12 Open VAS Network Monitoring Tool OpenVAS ( openvas.org ) is an open-source vulnerability _________ for Linux and Windows that is a fork of the last free version of the now commercial Nessus. Built as a full vulnerability management solution this tool uses SCAP and can perform a number of network vulnerability tests ( NVT ) and look for common vulnerabilities and exposures ( CVE ). This product has a bit of a learning curve but it is a well respected and powerful tool worth consideration.

13 Metasploit Network Monitoring Tool Metasploit ( metasploit.com ) is one of the most popular open- source Penetration _________ frameworks available. It is available for both Windows and Linux environments. It is commonly used to identify and validate network vulnerabilities, including simulating attacks that prey on human vulnerabilities. Metasploit can also be used to prioritize responses to network vulnerabilities discovered.

14 Browser Exploit Framework Network Monitoring Tools The Browser Exploitation Framework ( BeEF ) ( beefproject.com ) is a notable open-source __________________ testing tool, but it focuses on web-borne attacks through a web browser. EF is available for MacOS, Windows and Linux.

15 Other Security Products Nessus- market defining vulnerability ____________ for auditors and security analysts Core Impact Penetration Testing Software - the most powerful exploitation tool available. Cost 30,000 Nexpos (Rapid 7) is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection verification and risk management hardware solutions such as – Netscout from nGenius – that offer serious solutions for monitoring network services and performance. Every network should have some sort of monitoring enabled at all times and every network administrator should have access to a dependable packet sniffing tool too.

Download ppt "Unit 2: Cyber Security Part 3 Monitoring Tools & other Security Products."

Similar presentations

The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
OpenVAS Vulnerability Assessment Group 5 Igibek Koishybayev; Yingchao Zhu ChenQian; XingyuWu; XuZhuo Zhang.

OpenVAS Vulnerability Assessment Group 5 Igibek Koishybayev; Yingchao Zhu ChenQian; XingyuWu; XuZhuo Zhang.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Click to edit Master subtitle style Chapter 18: Software and Hardware Tools Instructor:

Click to edit Master subtitle style Chapter 18: Software and Hardware Tools Instructor:
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Www.skyboxsecurity.com Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.

Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.
Wireshark Presented By: Hiral Chhaya, Anvita Priyam.

Wireshark Presented By: Hiral Chhaya, Anvita Priyam.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

Similar presentations

Ads by Google